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DETAILED ACTION 



1. 



Claims 1-24 are pending. 



Response to Arguments 



2. Applicant's arguments filed 6/20/2007 have been fully considered but they are 
not persuasive. 

3. Applicant argues on pages 8-10 against the rejection of claims 1-16 under § 101. 
Examiner has dropped the rejection of claims 1-8. The rejection of claims 9-16 stands. 
Claims 9-16 may be interpreted as being purely software elements which may be stored 
in an intangible media such as a modulated carrier signal (Specification, page 7). 
Hence, claims 9-16 are software per se that is intangible. As a result, the claims are 
directed to nothing more than an abstract idea and not to an implementation to 
produces a useful, concrete, and tangible result. 

4. Applicant argues on pages 12-13 that Win fails to teach the web site comprising 
a set of online stores and a set of organizations . Examiner respectfully notes that 
Applicant's arguments are misplaced because the prior office action clearly indicated 
that the Gillett reference was relied upon to teach this limitation (see Office Action, page 
4). Gillett teaches the web site comprising a set of online stores and a set of 
organizations (Gillett, column 3 lines 28-60, online stores, column 4 lines 1-10, column 8 
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lines 20-40). Gillett teaches a merchant (organization) having an online storefront (on- 
line store). 

5. Applicant further alleges that Win Gillett fails to teach the security domain 
comprising a subset of organizations and the on-line stores associated with the 
organizations in the subset. Examiner respectfully disagrees. Gillett teaches the 
security domain comprising a subset of organizations and the on-line stores associated 
with the organizations in the subset (Gillett, column 3 lines 28-60, online stores, column 
4 lines 1-10, column 8 lines 20-40) by teaching organizations (merchants) each having 
separate security domains because each merchant has special security control over his 
storefronts through encryption, decryption, and authentication. A subset of the 
organizations would be a single merchant. 

6. Applicant further alleges that Win and Gillett fail to teach granting or denying 
access to a user attempting to access a portion of the web site by determining the user 
identity for the and determining the access role associated with the user identity for the 
security domain corresponding to the portion of the web site subject to the access 
attempt. Examiner respectfully disagrees. Win teaches granting or denying access to a 
user attempting to access a portion of the web site by determining the user identity for 
the user (Win, column 8 lines 10-16, grants access based upon the user identity, 
column 3 lines 1-6, denies access based on user identity, column 8 lines 36-46) and 
determining the access role associated with the user identity for the security domain 
corresponding to the portion of the web site subject to the access. attempt (Win, column 
6 lines 10-16) by teaching determining if a user has the correct role associated with their 
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user identity to access the particular portion of the website they are attempting to 
access. The particular portion of the website to which access is requested comprises a 
security domain because it has an associated security level or role requirement in order 
to gain access. 

7. Applicant further argues that Win and Gillett fail to teach the set of organizations 
as a tree structure. Examiner respectfully disagrees. Gillett and Win teaches the set of 
organizations as a tree structure (Gillett, Figure 1, tree structure with ISP 26 as root and 
merchant computers 24 as leaves. Win, column 5 lines 20-32 and lines 55-56, 
functional groups of roles own lesser roles) by Gillett teaching merchants as leaves in 
an tree structure where the merchants further contain leaves as storefronts. Further, 
Win teaches organizations in tree structures where organizations have subgroups (Win, 
column 5 lines 33-35). 

8. Applicant further argues that Win and Gillett fail to teach maintaining and 
providing look up functionality for a table comprising rows comprising data representing 
user identity, organization, and access role associations. Examiner respectfully 
disagrees. Win teaches maintaining and providing look up functionality for a table (Win, 
column 13 lines 50-52, database tables, column 15 lines 44-46, table of user names 
and user types and look up functionality provided by Registry Repository) comprising 
rows comprising data representing user identity, organization, and access role 
associations (Win, column 16 lines 46-53, record includes name, role, and privileges) by 
teaching database tables and a registry repository. These are both composed of rows 
of data that may be accessed in a look up operation. Further, data representing user 
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identity, organization, and access role associations is stored by the administration 
application allowing the lookup and assignment of security roles (Win, column 13 lines 
7-22). 

9. Applicant further argues against the motivation for combination of Win and Gillett. 
Applicant's arguments are unpersuasive. Examiner has provided a rational motivation 
for the combination. It would have been obvious to a person of ordinary skill in the art to 
utilize Gillett's organizational design using online stores because it offers the advantage 
of allowing small merchants to set up online stores while having a centralized ISP 
provide the security and maintenance of the websites thereby diminishing the threat of 
misuse of information (Gillett, column 1 lines 30-62 and column 1 lines 1-15). Gillett 
provides ample motivation in that Gillett suggests an advantage that most merchants do 
not have the wherewithal to manage their websites and security and thus it is an 
advantage to offload those processes to an ISP. The fact that Win is not concerned 
with the threat of misuse of information is immaterial. 

10. Applicant further argues on page 23 that Win, Gillett and Aull fail to teach 
computer readable program code means for providing user identities with associated 
access roles at user registration to a website. Examiner respectfully disagrees. Aull 
teaches computer readable program code means for providing user identities with 
associated access roles at user registration to a website (Aull, column 9 lines 6-21, 
registers using web server and receives role certificate). Aull teaches a user who 
registers and receives role certificate. A role certificate provides identity and allows the 
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granting of access. Thus, Aull teaches providing user identities with associated access 
roles at user registration to a website. 

11. Applicant further argues against the motivation to combine Aull with Win and 
Gillett. Examiner has provided a rational motivation for the combination. It would have 
been obvious to a person of ordinary skill in the art to utilize Aull's registration method 
because it offers the advantage of providing a method by which all parties involved may 
give their approval to the granting of a role to a user (Aull, column 9 lines 10-21). Aull 
provides further motivation for using the registration and role certificate method in that 
the certificate provides simple and fast methods of indicating proper approval, authority, 
or acceptance (Aull, column 2 lines 13-29). As a result, Aull teaches that registration is 
commenced and a certificate is granted if proper approval of all parties is received. 
Further, Aull teaches that another advantage of this method is that the certificate is a 
simple and fast methods of indicating proper approval, authority, or acceptance. Thus, 
Examiner maintains that a prima facie case of obviousness has been shown. 

Claim Rejections - 35 USC § 101 

12. Claims 9-16 are rejected under 35 U.S.C. 101 because the claims are directed 
towards nonstatutory subject matter. 

13. With regards to claims 1-8 and 9-16, the claimed medium (claims 1-8) and the 
claimed "means" is defined by the specification as being a modulated carrier signal in 
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certain embodiments (Specification, page 7). A signal is an intangible medium and thus 
the claims fail the practical application requirement of 35 USC 101 by failing to provide a 
use, concrete, and tangible result. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the . 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

14. Claims 1-7, 9-15, and 17-23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Win et al US Patent No. 6,453,353 in view of Gillett et al US Patent 
No. 6,760,711. 

15. With regards to claims 1, 9, 17, Win teaches a computer program product, 
system, and method for implementing electronic commerce systems comprising a web 
site being accessible by one or more users (Win, column 4 lines 20-30 and 34-67, web 
server with components stored on physical server), the computer. readable code means 
representing the users (Win, column 5 lines 12-15, registered users, column 4 lines 45- 
51), each user being associated with a unique identity in the system (Win, column 6 
lines 1-10, users associated with a particular login, column 6 lines 40-45, associated 
with a particular username), computer readable program code means for associating a 
user identity with one of a set of access roles for a security domain (Win, column 5 lines 
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44-54, associates each user with access rights defined by their role), the access role 
defining access privileges for the user corresponding to the user identity (Win, column 5 
lines 44-54, associates each user with access rights defined by their role), computer 
readable program code means for granting or denying access to a user attempting to 
access a portion of the web site by determining the user identity for the user (Win, 
column 8 lines 10-16, grants access based upon the user identity, column 3 lines 1-6, 
denies access based on user identity, column 8 lines 36-46) and determining the 
access role associated with the user identity for the security domain corresponding to 
the portion of the web site subject to the access attempt (Win, column 6 lines 10-16). 
Win fails to teach the security domains comprising a subset of the set of organizations 
and the on-line stores associated with the organizations in the subset. However, Gillett 
teaches security domains comprising a subset of the set of organizations and the on- 
line stores associated with the organizations in the subset (Gillett, column 3 lines 28-60, 
online stores, column 4 lines 1-10, column 8 lines 20-40). At the time the invention was 
made, it would have been obvious to a person of ordinary skill in the art to utilize 
Gillett's organizational design using online stores because it offers the advantage of 
allowing small merchants to set up online stores while having a centralized ISP provide 
the security and maintenance of the websites thereby diminishing the threat of misuse 
of information (Gillett, column 1 lines 35-62 and column 1 lines 1-15). 
16. With regards to claims 2, 10, and 18, Win as modified teaches carrying out the 
determination of the access role associated with a user identity for a security domain at 
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user logon time (Win, column 6 lines 10-16, when logging in, authorized resources are 
determined and presented to user). 

17. With regards to claims 3, 11, and 19, Win as modified teaches the set of 
access roles comprising registered customers and administrator roles (Win, column 4 
lines 44-50, roles include users and administrators, column 5 lines 20-33, users include 
the role of customer, column 16 lines 3-12). 

18. With regards to claims 4-6, 12-14, and 20-22, Win as modified teaches 
computer readable program code means operable to define the set of organizations as 
a tree structure (Gillett, Figure 1 , tree structure with ISP 26 as root and merchant 
computers 24 as leaves. Win, column 5 lines 20-32 and lines 55-56, functional groups 
of roles own lesser roles), in which the computer readable program code means for 
associating a user identity with one of a set of access roles further comprises computer 
readable program code means for associating the user identity with the access role for 
a selected one of the set of organizations (Win, column 5 lines 24-29, associates users 
with a particular organization) and computer readable program code means for defining 
the security domain to include the selected organization (Win, column 5 lines 33-39) 
and those organizations in the set that are descendants of the selected organization 
(Win, column 5 lines 54-56). 

19. With regards to claims 7, 15, and 23, Win as modified teaches computer 
readable program code means for maintaining and providing look up functionality for a 
table (Win, column 13 lines 50-52, database tables, column 15 lines 44-46, table of user 
names and user types and look up functionality provided by Registry Repository) 
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comprising rows comprising data representing user identity, organization, and access 
role associations (Win, column 16 lines 46-53, record includes name, role, and 
privileges). 

20. Claims 8, 16, and 24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Win et al US Patent No. 6,453,353 and Gillett et al US Patent No. 
6,760,711, as applied to claims 1, 9, and 17 above, and in further view of Aull et al US 
Patent No. 7,028,180. 

21 . With regards to claims 8, 16, and 24, Win as modified fails to teach computer 
readable program code means for providing user identities with associated access roles 
at user registration to a website. However, Aull teaches computer readable program 
code means for providing user identities with associated access roles at user 
registration to a website (Aull, column 9 lines 6-21, registers using web server and 
receives role certificate). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to utilize Aull's registration method 
because it offers the advantage of providing a method by which all parties involved may 
give their approval to the granting of a role to a user (Aull, column 9 lines 10-21). 

Conclusion 



THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .1 36(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Andrew L Nalven whose telephone number is 571 272 
3839. The examiner can normally be reached on Monday - Thursday 8-6, Alternate 
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on 571 272 381 1 . The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Andrew Nalven 




